Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
Lately I have noticed this kind of bug:
#define ELEMENTS 20
BOOL array[ELEMENTS];
void foo()
{
memset(array,0, ELEMENTS); /* BOOL isn't 1 byte but 4 bytes long */
}
How to detect memset underflows? Most of static,dynamic analysers can find only overflows. One which is able is PVSStudio. http://www.viva64.com/en/d/0101/print/.
Any free/open source alternatives ( preferably Windows but Linux also can be )?
Visual Studio 2012 analysis - failed.
Clang analyzer - failed.
Cppcheck - failed.
You cannot detect this without external tools like Valgrind, but you can avoid the need to detect it.
Scale to the size of the array's element:
memset(array, 0, ELEMENTS * sizeof array[0]);
Or if you can make sure array isn't a pointer (as per your code snippet) just do:
memset(array, 0, sizeof array);
The most simple way to avoid this is to consequently initialise all variables on definition:
BOOL array[ELEMENTS] = {0};
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
So i was trying to learn what does stack overflow and heap overflow means and how its being exploited in C language? Is there any mitigation strategy we can apply to counter these exploitations? How the overflow occurs? If you can explain with an example it will be helpful to me as a starter.
TIA..
Very roughly:
a stackoverflow occurs when you call a recursive function and the recursion depth becomes too deep, or if you have very large local arrays in a function.
a heap overflow (or rather memory exhaustion) occurs when you use dynamic memory allocation with malloc and related functions and there is simply no more memory available.
Examples that will (most likely) cause a stack overflow:
void foo(int x)
{
foo(x+1); // never ending recursive call
}
void bar(int x)
{
int largelocal[10000000]; // very large local array
printf("Hello\n");
}
Example that will (most likely) cause memory exhaustion:
for(;;)
{
malloc(10000); // allocating memory over and over
}
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
I have declared an array of size 10. but I want to use only 6/7 of it. Then how can I determine how many numbers/characters are there?
The following code there I have scanned "Stack" that means 5 characters. How to get it? Is there Any easiest way to find this? I've tried by sizeof() but it's just giving me the size that I have declared earlier.
char str[10] ;
scanf("%s",&str); //scanned "Stack"
If you are using strings, then you can find the length of the stored value by using strlen.
However, if you want to store general integer data, C does not have mechanisms to know the size of the actual data stored.
You can create your own data structure, with a count field and an array of integers. You need to maintain this count in your program.
Depending in your application you can create functions to scan elements from user, or copy data from other array etc. As it gets more complicated you are approaching an OOP language and you may be better served by a vector in C++
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Improve this question
I have a huge code base. It has statement as shown below:
int a = ( (unsigned int) ((unsigned char) buffer[offset++]) << 8) | (unsigned int) (unsigned char) buffer[++offset];
Recently I migrated to higher version of a compiler. With compiler migration, evolution of complex statements as shown above resulted in inconsistent results.
I know this is a bad coding practice and want to correct it. Looking for static analyser which can flag these errors. Any pointers to perticular static analyser is appreciated.
It's not just bad coding practice.
It's dreadful. You are introducing an absolute truck load of undefined behaviour into your program.
|, unlike ||, is not a sequencing point. You are increasing offset twice, conceptually at the same time. The C standard does not define this behaviour.
You need to fix this immediately. Shelve the static analyser for now. Your compiler warning flag suite might be able to help you. But if I were in your position, I'd be in panic mode and I'd search my code base for ++ and --, and check every expression.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I'm analyzing a big chunk of C code and would like to split it into modules. Is there a way to automatically generate a list of C functions, starting with the ones that are the longest?
With the GNU userland (e.g. on Linux) you can use nm -S --size-sort object.o to get a list of symbols sorted by size from an object file. This should be approximately proportional to source code length.
If we can assume that the line with a function declaration is not indented, ends with { and the function definition ends with a non-indented }, this Python snippet can help:
#!/usr/bin/python
import sys
started = None
started_line = None
for lineno, line in enumerate(sys.stdin):
if line.startswith(' '):
continue
if line.strip().endswith('{'):
started = lineno
started_line = line.rstrip()
if line.strip().endswith('}'):
print("%s\t%s" % (lineno - started, started_line))
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
I remember from some time ago reading about a commandline tool that explains C code, does anyone know what it might be named?
Perhaps you mean cdecl, a program that can translate complicated declarations to English and back?
e.g.
cdecl> explain int (*(*foo)(int ))(float )
declare foo as pointer to function (int) returning pointer to function (float) returning int
If you mean explaining then I think the answers already been given. If you mean looking for potential problems then there's lint and its variants, first stop in any code review.
http://en.wikipedia.org/wiki/Lint_programming_tool
Edit:
C/C++ Free alternative to Lint?
HTH